Product documentation
Citrix DaaS Flex
View PDF

Microsoft Entra ID

June 23, 2026
Contributed by: 
S

Support for Microsoft Entra ID and Intune allows Citrix DaaS Flex to extend identity, access, and device management capabilities, helping organizations improve security posture, support compliance requirements, and streamline the end-user experience. Combining this functionality with Microsoft Entra single sign-on provides users with a seamless experience.

Configure Microsoft Entra ID identity

Create an Entra ID App Registration

  1. In your Azure portal, navigate to Entra ID > App registration > New registration.

  2. Register a new application.

    Note:

    The Azure administrator must have multifactor authentication configured.

  3. On the overview page, copy and save the following values:

    • Application (client) ID
    • Directory (tenant) ID
  4. In the left sidebar, click Certificates & Secrets > New client secret.

  5. Fill in the Description field and choose an expiration duration for the client secret.

    Note:

    You will be prompted for this expiration date in a later step within the Citrix console.

  6. Immediately copy the Value column. This is your client secret and is only shown once.
  7. In the left sidebar, click API permissions > Add a permission > Microsoft Graph > Application permissions.

  8. Search for and select the following permissions:

    • Device.ReadWrite.All — required for Entra ID registration
    • DeviceManagementManagedDevices.ReadWrite.All — required for Intune device enrollment
  9. Click Add permissions.

  10. On the API permissions page, click Grant admin consent for <tenant name>, then click Yes to confirm.

    Note:

    Verify that both permissions show a green checkmark under the Status column.

    Configured Permissions

Create a Service Account

During the Create catalog workflow, a Microsoft Entra ID service account is required. For more information, see Azure AD service accounts.

Create Catalog

Enable Entra ID Single Sign-On

Microsoft Entra ID Single Sign-On (SSO) allows users to authenticate once using their Entra ID credentials and gain seamless access to virtual applications and desktops without being prompted to sign in again. SSO is supported for session hosts that are Microsoft Entra joined or Microsoft Entra hybrid joined.

For more information on configuration, see Enable Entra ID SSO for virtual apps and desktops.

Microsoft Entra ID
June 23, 2026
Contributed by: 
S
June 23, 2026
Contributed by: 
S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.